Tuesday, February 5, 2013

Antivirus Live CD

Antivirus Live CD is a 4MLinux fork including the ClamAV scanner. Both Ethernet (including Wi-Fi) and dial-up
(including fast USB modems) Internet connections are supported to
enable automatic updates of the virus signature database.

1) Boot your copy of Antivirus Live CD (or Antivirus LiveUSB):

2) Once it has booted, you can log in as 'root' using password 'root':

3) After executing 'help', you will see the following screen:

4) And after executing 'antivir', you will see this screen:

5) It is highly recommended to update virus databases:

NOTE:

If you need to configure your Internet connection, you should run the 'netconfig' script (the procedure is very similar to the one described here).

6) And finally, when the update process is over, you can start the ClamAV scanner:

NOTE: Antivirus Live CD will check all your disks for viruses. This is possible because all
partitions are mounted automatically during boot so that they can be
scanned by ClamAV (the supported filesystems are: btrfs, ext2, ext3, ext4, f2fs, fat16, fat32, hfs, hfs+, jfs, nilfs2, ntfs, reiser4, reiserfs, and xfs).

7) AntivirusLivecd has Midnight Commander (file manager) and Links
(text-based web browser), which can be very helpful in some cases:

NOTE:

AntivirusLivecd is able to make a backup of your data (and to send it to a remote FTP/SFTP server if desired). Just try it yourself by
executing 'backup' and 'fsbackup' commands!
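
Steps 5 and 6 (update the signatures, then scan) can also be enforced by hand from the shell. The script below is an added example, not part of Antivirus Live CD or its 'antivir' script: it refuses to scan until a fresh signature file is present, then runs a report-only scan. DB_DIR, MAX_AGE_DAYS, LOG and the function names are assumptions; the default DB_DIR is the path that appears in the cl_load() error quoted in the comments on this page.

```sh
#!/bin/sh
# Added example, not part of Antivirus Live CD. DB_DIR, MAX_AGE_DAYS and LOG
# are assumptions; point DB_DIR at wherever your ClamAV keeps its signatures.
DB_DIR="${DB_DIR:-/usr/local/share/clamav}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"
LOG="${LOG:-/tmp/clamscan-report.log}"

# 0: dir $1 has a *.cvd/*.cld file modified within the last $2 days
# 1: signatures are stale or absent   2: the directory does not exist
db_is_fresh() {
    [ -d "$1" ] || return 2
    found=$(find "$1" -maxdepth 1 -type f \( -name '*.cvd' -o -name '*.cld' \) \
                 -mtime -"$2" | head -n 1)
    [ -n "$found" ]
}

# Recursive scan that only lists infected files and writes them to $LOG.
# Without --remove, --move or --copy, clamscan leaves detected files untouched.
scan_report() {
    clamscan -r -i --log="$LOG" "$@"
}

# Refuse to scan (status 3) until the signature database is present and fresh;
# otherwise return clamscan's status (0 clean, 1 infected files found, 2 error).
run_scan() {
    rc=0
    db_is_fresh "$DB_DIR" "$MAX_AGE_DAYS" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "no signature directory at $DB_DIR: update first" >&2
        return 3
    elif [ "$rc" -ne 0 ]; then
        echo "signatures older than $MAX_AGE_DAYS days or missing: update first" >&2
        return 3
    fi
    scan_report "$@"
}

# Example: sh scan.sh /mnt/sda3   (the path is a placeholder for a mounted partition)
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

Status 3 means the scan never started, so it cannot be confused with clamscan's own exit codes.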

Hello, is there a way (in the latest version) to make a scan without taking any action? I would like to just have a report of the detected infected files, without deleting/moving/renaming them automatically. Thanks.

You are not the first one who asks about that. Within 48 hours there will be a new release, which will allow AntivirusLiveCD users to decide what should be done with suspicious files. Normally, this should be quicker, but I am a little busy with my TheSSS now ;-)

Open Midnight Commander (by executing "mc"), select the files that you want to scan (you can navigate using your mouse), press F2, choose "Do something on the current file", type "clamscan", and click on the OK button. You will have to wait a few seconds till antivirus is started.

The problem is that modern antiviruses have virus databases ca 50MB (or even more). This must be loaded to RAM (plus, of course, operating system itself).

If you have at least 1GB of a free disk space and you are familiar with Linux, you may try to install TheSSS to your hard disk drive (see the "Links" section at the top of this page). TheSSS is installed on http://server.4mlinux.com, which has only 128 MB of RAM, and the "antivir" command works flawlessly.

Running AntivirusLiveCD 6.1-0.97.8 in a PC with 768MB of RAM, when I enter immediately after booting and logging in:
# clamscan -r /mnt/sda3/home/richard/Documents/BCS
(which is a valid directory on one of my existing partitions) I get the error:
LibClamAV error: cl_load(): Can't get status of /usr/local/share/clamav.
Running:
# freshclam -v
before clamscan didn't help. Any assistance would be greatly appreciated.

One more remark. You have run antivirus "immediately after booting". You MUST allow clamav to update its virus signature database before running the scanner. Execute the "antivir" script. When the update process is over, you can interrupt this script by pressing CTRL+C.

This is a very cool little tool. While it's possible to use pretty much any live cd solution to scan media for viruses with clamav, AntiVirusLiveCD presents the process in a very clean and uncluttered environment, perfect to reassure those management-types that nothing is going to get worse than it already might be.

Could the author (I'm discovering 4MLinux here) put a wiki up for AntiVirusLiveCD? I have some documentation to contribute.

Still hanging at change root password screen when I boot to this cd. I tried enabling VESA Frame buffer with default option (hit space instead of enter). I tried to boot with VESA frame buffer enabled and selected 800x600 graphics mode and any way I try it, it hangs at the change root password screen. I appreciate your work and would like to help troubleshoot, but I have a virus to eradicate... ;)

Ok, I have maybe an odd question: Is it possible to boot the live cd, update the signatures, then re-burn the live cd? I thought about using virtualbox somehow but I'm not sure how to create the iso image from the running system because I think it's running in ram? Can you dd a live system from ram to make a live distro? I'm just asking because sometimes it takes a while to update the signatures and if I could only do it once in a while it would be handy. It's an awesome tool by the way!

TIP: It is a good idea to interrupt the update process if it goes very slow. You can do so by pressing CTRL+C. Then you can execute the "antivir" command again, and you will have a big chance to get connected to a faster mirror.

My machine has two disks, one has 100G/500G Linux Slackware-14 with ext2 fs, the other has OpenBSD (250GB) that has caused everything. Would it be necessary to remove OpenBSD from the 250GB disk in order for your AntiVirus.xxx.db.iso to work?

It's a cool tool. I have installed it in my USB "bag of tricks" via YUMI. However, I am running into an update issue. I can connect to my wifi, and when I run antivir, it does not ask me for an update. I had to add a user 'clamav', and chown the /var/clamav to the clamav user, and then run freshclam to have it updated manually. Any idea what might be wrong in my setup? I did not change any files or anything.

Well, I made it work for my purpose. I edited the initrd with a simple script that automatically adds a user "clamav" with a standard password, chowns the dir /var/clamav and links /etc/freshclam.conf to /var/clamav/freshclam.conf. I added my script in the rcS file at the end to make it run at boot. It works for me. I cannot use UNetbootin, as my USB stick has several tools to boot from, each for different purposes. I have Hiren's bootcd, antivirus live cd, memtest, and two different live linux distributions, that I can choose from in a nice boot menu that I adapted to my needs. It took me a while to have it running, but it does what I want it to do now.

Well, this does seem to do the job, thanks... However, after logging in, I was informed that the virus database was over seven days out-of-date, and it went straight to scan - there was no option to allow the update to take place. I have rebooted several times, all with the same result. Any ideas, please?

I have issues with my b****y Windows disc (Linux Mint is my default) and after a five hour scan 19 infected files were detected, so I'd like to find them and avoid a complete re-install.